116 lines
4 KiB
YAML
116 lines
4 KiB
YAML
version: '3'
|
|
|
|
services:
|
|
gitlab:
|
|
image: gitlab/gitlab-ce:latest
|
|
container_name: gitlab
|
|
restart: unless-stopped
|
|
environment:
|
|
GITLAB_OMNIBUS_CONFIG: |
|
|
external_url 'https://gitlab.{{ server.domain }}'
|
|
|
|
gitlab_rails['lfs_enabled'] = true
|
|
gitlab_rails['gitlab_shell_ssh_port'] = 22
|
|
nginx['listen_port'] = 80
|
|
nginx['listen_https'] = false
|
|
nginx['proxy_set_headers'] = {
|
|
'X-Forwarded-Proto' => 'https',
|
|
'X-Forwarded-Ssl' => 'on',
|
|
'Host' => 'gitlab.{{ server.domain }}'
|
|
}
|
|
|
|
registry['enable'] = true
|
|
registry_external_url 'https://registry.{{ server.domain }}'
|
|
registry_nginx['listen_port'] = 80
|
|
registry_nginx['listen_https'] = false
|
|
|
|
puma['worker_processes'] = 0
|
|
sidekiq['max_concurrency'] = 10
|
|
gitlab_rails['env'] = {
|
|
'MALLOC_CONF' => 'dirty_decay_ms:1000,muzzy_decay_ms:1000'
|
|
}
|
|
gitaly['configuration'] = {
|
|
concurrency: [
|
|
{
|
|
'rpc' => "/gitaly.SmartHTTPService/PostReceivePack",
|
|
'max_per_repo' => 3,
|
|
}, {
|
|
'rpc' => "/gitaly.SSHService/SSHUploadPack",
|
|
'max_per_repo' => 3,
|
|
},
|
|
],
|
|
cgroups: {
|
|
repositories: {
|
|
count: 2,
|
|
},
|
|
mountpoint: '/sys/fs/cgroup',
|
|
hierarchy_root: 'gitaly',
|
|
memory_bytes: 500000,
|
|
cpu_shares: 512,
|
|
},
|
|
}
|
|
gitaly['env'] = {
|
|
'MALLOC_CONF' => 'dirty_decay_ms:1000,muzzy_decay_ms:1000',
|
|
'GITALY_COMMAND_SPAWN_MAX_PARALLEL' => '2'
|
|
}
|
|
volumes:
|
|
- {{ server.work_dir }}/gitlab/data/:/var/opt/gitlab/
|
|
- {{ server.work_dir }}/gitlab/config/:/etc/gitlab/
|
|
- {{ server.work_dir }}/gitlab/logs/:/var/log/gitlab/
|
|
- /etc/timezone:/etc/timezone:ro
|
|
- /etc/localtime:/etc/localtime:ro
|
|
networks:
|
|
- proxy
|
|
- interne
|
|
- metrics
|
|
labels:
|
|
- traefik.enable=true
|
|
- traefik.docker.network=proxy
|
|
# HTTP Reverse proxy Gitlab
|
|
- traefik.http.routers.gitlab-secure.entrypoints=https
|
|
- traefik.http.routers.gitlab-secure.rule=Host(`gitlab.{{ server.domain }}`)
|
|
- traefik.http.routers.gitlab-secure.tls=true
|
|
- traefik.http.routers.gitlab-secure.tls.certresolver=sslResolver
|
|
- traefik.http.routers.gitlab-secure.service=gitlab
|
|
- traefik.http.services.gitlab.loadbalancer.server.port=80
|
|
# HTTP Reverse proxy Registry
|
|
- traefik.http.routers.gitlab-registry-secure.entrypoints=https
|
|
- traefik.http.routers.gitlab-registry-secure.rule=Host(`registry.{{ server.domain }}`)
|
|
- traefik.http.routers.gitlab-registry-secure.tls=true
|
|
- traefik.http.routers.gitlab-registry-secure.tls.certresolver=sslResolver
|
|
- traefik.http.routers.gitlab-registry-secure.service=gitlab-registry
|
|
- traefik.http.services.gitlab-registry.loadbalancer.server.port=80
|
|
# TCP SSH Reverse proxy Gitlab
|
|
- traefik.tcp.routers.gitlab-ssh.rule=HostSNI(`*`)
|
|
- traefik.tcp.routers.gitlab-ssh.entrypoints=ssh
|
|
- traefik.tcp.routers.gitlab-ssh.service=gitlab-ssh
|
|
- traefik.tcp.services.gitlab-ssh.loadbalancer.server.port=22
|
|
logging:
|
|
driver: loki
|
|
options:
|
|
loki-url: "https://lokidoki:vEGH5Z5siWgcDkNknvCVzPCyqhHSBJCBjeBRZJvxUP8SdgfxJ6AqCGutCWugGsx5@loki.mrdev023.fr/loki/api/v1/push"
|
|
mode: non-blocking
|
|
|
|
gitlab-runner:
|
|
image: gitlab/gitlab-runner:alpine
|
|
container_name: gitlab-runner
|
|
restart: unless-stopped
|
|
depends_on:
|
|
- gitlab
|
|
volumes:
|
|
- {{ server.work_dir }}/gitlab/runner/:/etc/gitlab-runner/
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
networks:
|
|
- interne
|
|
logging:
|
|
driver: loki
|
|
options:
|
|
loki-url: "https://lokidoki:vEGH5Z5siWgcDkNknvCVzPCyqhHSBJCBjeBRZJvxUP8SdgfxJ6AqCGutCWugGsx5@loki.mrdev023.fr/loki/api/v1/push"
|
|
mode: non-blocking
|
|
|
|
networks:
|
|
interne:
|
|
metrics:
|
|
external: true
|
|
proxy:
|
|
external: true
|